Charities must not neglect their legal responsibility to protect personal information, says the Information Commissioner's Office (ICO).
The ICO has found the Alzheimer's Society in breach of the Data Protection Act after the organisation reported losses of personal data in 2009.
Several laptops were stolen during a burglary in Cardiff, but none were encrypted, secured by cable locks or locked away securely, the ICO said.
One of the laptops contained the personal details, including names, addresses, national insurance numbers and salary details, of about 1,000 staff across England, Wales and Northern Ireland.
The Alzheimer's Society has signed a formal Undertaking to improve security.
The Undertaking requires staff to be made aware of the Society's policies for the storage, use and disposal of personal information.
Sally-anne Poole, head of investigations at the ICO, said portable devices must be encrypted if they are used to store personal information.
"It is vital that all organisations ensure personal information is handled securely and that appropriate staff have adequate training in this area," she said.